I wrote and compiled a minifilter driver using WDK 7.0 build utility for Windows 7 32 bit. Then i installed it on a Windows 7 (32 bit) machine running on VMWare using OSR's driver loader utility. When i ran DbgView, i could see the DbgPrint output accurately.
Then i compiled that very same driver using WDK 8.0 integrated in Microsoft Visual Studio Pro 2012 for Windows 7 (32 bit). That created 3 files as a result, a sys, cat and inf file. I installed the Driver on a Windows 7(32 bit) machine running on VMWare, by right clicking the inf file and selecting 'install'. Then i started the service from command prompt which started fine. But even though it was the same code/driver, i cannot see the DbgPrint output in DbgView, from the driver that was compiled using WDK 8.0/VS2012 Pro. Here is the code that actually does the printing (Post Operation Callback function for IRP_MJ_CREATE):
FLT_POSTOP_CALLBACK_STATUS CreateFilePostOpCallback(__in PFLT_CALLBACK_DATA Data, __in PCFLT_RELATED_OBJECTS FltObjects,
__in_opt PVOID CompletionContext, __in FLT_POST_OPERATION_FLAGS Flags)
{
PFLT_FILE_NAME_INFORMATION fileNameInfo;
NTSTATUS status;
UNREFERENCED_PARAMETER(FltObjects);
UNREFERENCED_PARAMETER(CompletionContext);
UNREFERENCED_PARAMETER(Flags);
status = FltGetFileNameInformation(Data, FLT_FILE_NAME_NORMALIZED|FLT_FILE_NAME_QUERY_DEFAULT, &fileNameInfo);
if(!NT_SUCCESS(status))
return FLT_POSTOP_FINISHED_PROCESSING;
FltParseFileNameInformation(fileNameInfo);
DbgPrint("%wZ created/opened", &fileNameInfo->Name);
FltReleaseFileNameInformation(fileNameInfo);
return FLT_POSTOP_FINISHED_PROCESSING;
}
What am i missing here?
In vista and above DbgPrint messages get masked by default.
Try this in your WinDbg prompt
ed Kd_DEFAULT_Mask 8
Refer to this question Kernel trace Windows 7 WinDbg or this article DbgPrint in vista and later for more details.